From dd279ba5484652d64149f34ae260d3a8c9cde349 Mon Sep 17 00:00:00 2001 From: "13621160019@163.com" <13621160019@163.com> Date: Wed, 10 Nov 2021 18:04:15 +0800 Subject: [PATCH 1/2] added access control to actions of user in api --- .../controllers/users/user/user.controller.js | 15 +++-- admin/app/services/users/user/user.service.js | 16 +++--- myems-api/core/combinedequipment.py | 2 +- myems-api/core/contact.py | 2 +- myems-api/core/costcenter.py | 2 +- myems-api/core/costfile.py | 2 +- myems-api/core/datasource.py | 2 +- myems-api/core/distributioncircuit.py | 2 +- myems-api/core/distributionsystem.py | 2 +- myems-api/core/emailmessage.py | 2 +- myems-api/core/emailserver.py | 2 +- myems-api/core/energycategory.py | 2 +- myems-api/core/energyflowdiagram.py | 2 +- myems-api/core/energyitem.py | 2 +- myems-api/core/equipment.py | 2 +- myems-api/core/gateway.py | 2 +- myems-api/core/knowledgefile.py | 2 +- myems-api/core/menu.py | 2 +- myems-api/core/meter.py | 2 +- myems-api/core/notification.py | 2 +- myems-api/core/offlinemeter.py | 2 +- myems-api/core/offlinemeterfile.py | 2 +- myems-api/core/point.py | 2 +- myems-api/core/privilege.py | 2 +- myems-api/core/rule.py | 2 +- myems-api/core/sensor.py | 2 +- myems-api/core/shopfloor.py | 2 +- myems-api/core/space.py | 2 +- myems-api/core/store.py | 2 +- myems-api/core/storetype.py | 2 +- myems-api/core/tariff.py | 2 +- myems-api/core/tenant.py | 2 +- myems-api/core/tenanttype.py | 2 +- myems-api/core/textmessage.py | 2 +- myems-api/core/timezone.py | 2 +- myems-api/core/user.py | 53 ++--------------- .../core/{userlogger.py => useractivity.py} | 57 +++++++++++++++++++ myems-api/core/virtualmeter.py | 2 +- myems-api/core/webmessage.py | 2 +- myems-api/core/wechatmessage.py | 2 +- 40 files changed, 114 insertions(+), 99 deletions(-) rename myems-api/core/{userlogger.py => useractivity.py} (66%) 
diff --git a/admin/app/controllers/users/user/user.controller.js b/admin/app/controllers/users/user/user.controller.js index 52793684..42301675 100644 --- a/admin/app/controllers/users/user/user.controller.js +++ b/admin/app/controllers/users/user/user.controller.js @@ -46,7 +46,8 @@ app.controller('UserController', function ($scope, } }); modalInstance.result.then(function (user) { - UserService.addUser(user, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + UserService.addUser(user, headers, function (response) { if (angular.isDefined(response.status) && response.status === 201) { toaster.pop({ type: "success", @@ -85,7 +86,8 @@ app.controller('UserController', function ($scope, }); modalInstance.result.then(function (modifiedUser) { - UserService.editUser(modifiedUser, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + UserService.editUser(modifiedUser, headers, function (response) { if (angular.isDefined(response.status) && response.status === 200) { toaster.pop({ type: "success", @@ -123,12 +125,8 @@ app.controller('UserController', function ($scope, }); modalInstance.result.then(function (modifiedUser) { - let data = { - name: modifiedUser.name, - password: modifiedUser.password }; - + let data = {name: modifiedUser.name, password: modifiedUser.password }; let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; - UserService.resetPassword(data, headers, function (response) { if (angular.isDefined(response.status) && response.status === 200) { toaster.pop({ 
@@ -166,7 +164,8 @@ app.controller('UserController', function ($scope, }, function (isConfirm) { if (isConfirm) { - UserService.deleteUser(user, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + UserService.deleteUser(user, headers, function (response) { if (angular.isDefined(response.status) && response.status === 204) { toaster.pop({ type: "success", diff --git a/admin/app/services/users/user/user.service.js b/admin/app/services/users/user/user.service.js index b8ad7d67..29d39962 100644 --- a/admin/app/services/users/user/user.service.js +++ b/admin/app/services/users/user/user.service.js @@ -17,16 +17,16 @@ app.factory('UserService', function($http) { callback(response); }); }, - addUser: function(user, callback) { - $http.post(getAPI()+'users',{data:user}) + addUser: function(user, headers, callback) { + $http.post(getAPI()+'users', {data:user}, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - editUser: function(user, callback) { - $http.put(getAPI()+'users/'+user.id,{data:user}) + editUser: function(user, headers, callback) { + $http.put(getAPI()+'users/'+user.id, {data:user}, {headers}) .then(function (response) { callback(response); }, function (response) { @@ -49,16 +49,16 @@ app.factory('UserService', function($http) { callback(response); }); }, - deleteUser: function(user, callback) { - $http.delete(getAPI()+'users/'+user.id) + deleteUser: function(user, headers, callback) { + $http.delete(getAPI()+'users/'+user.id, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - getUser: function(id, callback) { - $http.get(getAPI()+'users/'+id) + getUser: function(id, headers, callback) { + $http.get(getAPI()+'users/'+id, {headers}) .then(function (response) { callback(response); }, function (response) { 
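Review bot: `UserService.getUser` changes its signature from `(id, callback)` to `(id, headers, callback)`, but no `getUser` call site is updated anywhere in this commit; an existing caller still passing `(id, callback)` would now hand its callback to `$http.get` as the config object and never be invoked. Either update every caller (the controller hunks here only touch add, edit, delete and resetPassword) or keep the old arity, e.g. `getUser: function(id, headers, callback) { if (callback === undefined) { callback = headers; headers = {}; }`. Separately, the identical `let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };` now appears four times in the controller; a single helper such as `function authHeaders() { return { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; }` keeps the header names in one place, which matters because the API matches them by exact name. Callers of `getUser` in other files cannot be seen from this diff.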
diff --git a/myems-api/core/combinedequipment.py b/myems-api/core/combinedequipment.py index d2c3cb2c..e9dc182d 100644 --- a/myems-api/core/combinedequipment.py +++ b/myems-api/core/combinedequipment.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class CombinedEquipmentCollection: diff --git a/myems-api/core/contact.py b/myems-api/core/contact.py index 2ddf5bcb..5a10a0d3 100644 --- a/myems-api/core/contact.py +++ b/myems-api/core/contact.py @@ -4,7 +4,7 @@ import mysql.connector import config import uuid import re -from core.userlogger import user_logger +from core.useractivity import user_logger class ContactCollection: diff --git a/myems-api/core/costcenter.py b/myems-api/core/costcenter.py index be55fc8a..8e609bce 100644 --- a/myems-api/core/costcenter.py +++ b/myems-api/core/costcenter.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class CostCenterCollection: diff --git a/myems-api/core/costfile.py b/myems-api/core/costfile.py index f9b8ce57..366dd923 100644 --- a/myems-api/core/costfile.py +++ b/myems-api/core/costfile.py @@ -5,7 +5,7 @@ import config import uuid from datetime import datetime, timezone, timedelta import os -from core.userlogger import user_logger +from core.useractivity import user_logger class CostFileCollection: diff --git a/myems-api/core/datasource.py b/myems-api/core/datasource.py index 58c37e2d..250d21e9 100644 --- a/myems-api/core/datasource.py +++ b/myems-api/core/datasource.py @@ -4,7 +4,7 @@ import mysql.connector import config import uuid from datetime import datetime, timezone, timedelta -from core.userlogger import user_logger +from core.useractivity import user_logger class DataSourceCollection: 
diff --git a/myems-api/core/distributioncircuit.py b/myems-api/core/distributioncircuit.py index a630bfc8..e4ac8d7d 100644 --- a/myems-api/core/distributioncircuit.py +++ b/myems-api/core/distributioncircuit.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class DistributionCircuitCollection: diff --git a/myems-api/core/distributionsystem.py b/myems-api/core/distributionsystem.py index 749ccb77..d1385da8 100644 --- a/myems-api/core/distributionsystem.py +++ b/myems-api/core/distributionsystem.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class DistributionSystemCollection: diff --git a/myems-api/core/emailmessage.py b/myems-api/core/emailmessage.py index 2f146580..0068462f 100644 --- a/myems-api/core/emailmessage.py +++ b/myems-api/core/emailmessage.py @@ -3,7 +3,7 @@ import json import mysql.connector import config from datetime import datetime, timedelta, timezone -from core.userlogger import user_logger +from core.useractivity import user_logger class EmailMessageCollection: diff --git a/myems-api/core/emailserver.py b/myems-api/core/emailserver.py index c057e14f..2603c3b7 100644 --- a/myems-api/core/emailserver.py +++ b/myems-api/core/emailserver.py @@ -4,7 +4,7 @@ import mysql.connector import config import base64 import re -from core.userlogger import user_logger +from core.useractivity import user_logger class EmailServerCollection: diff --git a/myems-api/core/energycategory.py b/myems-api/core/energycategory.py index 3aeb9b1c..3f06c110 100644 --- a/myems-api/core/energycategory.py +++ b/myems-api/core/energycategory.py 
@@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class EnergyCategoryCollection: diff --git a/myems-api/core/energyflowdiagram.py b/myems-api/core/energyflowdiagram.py index 4e61e127..82c8c7d5 100644 --- a/myems-api/core/energyflowdiagram.py +++ b/myems-api/core/energyflowdiagram.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class EnergyFlowDiagramCollection: diff --git a/myems-api/core/energyitem.py b/myems-api/core/energyitem.py index 16585c00..f2edffcb 100644 --- a/myems-api/core/energyitem.py +++ b/myems-api/core/energyitem.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class EnergyItemCollection: diff --git a/myems-api/core/equipment.py b/myems-api/core/equipment.py index 755d4be0..cdd2c9cd 100644 --- a/myems-api/core/equipment.py +++ b/myems-api/core/equipment.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class EquipmentCollection: diff --git a/myems-api/core/gateway.py b/myems-api/core/gateway.py index 0947643b..da64fba3 100644 --- a/myems-api/core/gateway.py +++ b/myems-api/core/gateway.py @@ -4,7 +4,7 @@ import mysql.connector import config import uuid from datetime import datetime, timezone, timedelta -from core.userlogger import user_logger +from core.useractivity import user_logger class GatewayCollection: diff --git a/myems-api/core/knowledgefile.py b/myems-api/core/knowledgefile.py index c71b6cd7..6b2ce3f5 100644 --- a/myems-api/core/knowledgefile.py +++ b/myems-api/core/knowledgefile.py 
@@ -7,7 +7,7 @@ from datetime import datetime, timezone, timedelta import os import base64 import sys -from core.userlogger import user_logger +from core.useractivity import user_logger class KnowledgeFileCollection: diff --git a/myems-api/core/menu.py b/myems-api/core/menu.py index 143b2f6f..2f620d75 100644 --- a/myems-api/core/menu.py +++ b/myems-api/core/menu.py @@ -2,7 +2,7 @@ import falcon import simplejson as json import mysql.connector import config -from core.userlogger import user_logger +from core.useractivity import user_logger class MenuCollection: diff --git a/myems-api/core/meter.py b/myems-api/core/meter.py index 1aa5b3fb..ce01ffa1 100644 --- a/myems-api/core/meter.py +++ b/myems-api/core/meter.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class MeterCollection: diff --git a/myems-api/core/notification.py b/myems-api/core/notification.py index 423e4e94..24ea7046 100644 --- a/myems-api/core/notification.py +++ b/myems-api/core/notification.py @@ -3,7 +3,7 @@ import json import mysql.connector import config from datetime import datetime, timedelta, timezone -from core.userlogger import user_logger +from core.useractivity import user_logger class NotificationCollection: diff --git a/myems-api/core/offlinemeter.py b/myems-api/core/offlinemeter.py index 223851e9..2cbb486b 100644 --- a/myems-api/core/offlinemeter.py +++ b/myems-api/core/offlinemeter.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class OfflineMeterCollection: diff --git a/myems-api/core/offlinemeterfile.py b/myems-api/core/offlinemeterfile.py index 0f10b562..d6456829 100644 --- a/myems-api/core/offlinemeterfile.py +++ b/myems-api/core/offlinemeterfile.py 
@@ -5,7 +5,7 @@ import config import uuid from datetime import datetime, timezone, timedelta import os -from core.userlogger import user_logger +from core.useractivity import user_logger class OfflineMeterFileCollection: diff --git a/myems-api/core/point.py b/myems-api/core/point.py index b52accdf..30c2d678 100644 --- a/myems-api/core/point.py +++ b/myems-api/core/point.py @@ -2,7 +2,7 @@ import falcon import simplejson as json import mysql.connector import config -from core.userlogger import user_logger +from core.useractivity import user_logger class PointCollection: diff --git a/myems-api/core/privilege.py b/myems-api/core/privilege.py index e454cd02..f0faa48d 100644 --- a/myems-api/core/privilege.py +++ b/myems-api/core/privilege.py @@ -2,7 +2,7 @@ import falcon import simplejson as json import mysql.connector import config -from core.userlogger import user_logger +from core.useractivity import user_logger class PrivilegeCollection: diff --git a/myems-api/core/rule.py b/myems-api/core/rule.py index f096fec9..c11e7bcf 100644 --- a/myems-api/core/rule.py +++ b/myems-api/core/rule.py @@ -4,7 +4,7 @@ import mysql.connector import uuid from datetime import datetime, timezone, timedelta import config -from core.userlogger import user_logger +from core.useractivity import user_logger class RuleCollection: diff --git a/myems-api/core/sensor.py b/myems-api/core/sensor.py index 808dd78a..b8984ed8 100644 --- a/myems-api/core/sensor.py +++ b/myems-api/core/sensor.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class SensorCollection: diff --git a/myems-api/core/shopfloor.py b/myems-api/core/shopfloor.py index 20c79dd9..2a547307 100644 --- a/myems-api/core/shopfloor.py +++ b/myems-api/core/shopfloor.py 
@@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class ShopfloorCollection: diff --git a/myems-api/core/space.py b/myems-api/core/space.py index a4e7a218..ec22a28a 100644 --- a/myems-api/core/space.py +++ b/myems-api/core/space.py @@ -6,7 +6,7 @@ import uuid from datetime import datetime from anytree import AnyNode from anytree.exporter import JsonExporter -from core.userlogger import user_logger +from core.useractivity import user_logger class SpaceCollection: diff --git a/myems-api/core/store.py b/myems-api/core/store.py index dc7eae68..1ecc9825 100644 --- a/myems-api/core/store.py +++ b/myems-api/core/store.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class StoreCollection: diff --git a/myems-api/core/storetype.py b/myems-api/core/storetype.py index 64ca2113..42ef51ed 100644 --- a/myems-api/core/storetype.py +++ b/myems-api/core/storetype.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class StoreTypeCollection: diff --git a/myems-api/core/tariff.py b/myems-api/core/tariff.py index 64b1d580..dd61168d 100644 --- a/myems-api/core/tariff.py +++ b/myems-api/core/tariff.py @@ -4,7 +4,7 @@ import mysql.connector import config import uuid from datetime import datetime, timedelta, timezone -from core.userlogger import user_logger +from core.useractivity import user_logger class TariffCollection: diff --git a/myems-api/core/tenant.py b/myems-api/core/tenant.py index 31389811..b84d5881 100644 --- a/myems-api/core/tenant.py +++ b/myems-api/core/tenant.py 
@@ -4,7 +4,7 @@ import mysql.connector import config import uuid from datetime import datetime, timedelta, timezone -from core.userlogger import user_logger +from core.useractivity import user_logger class TenantCollection: diff --git a/myems-api/core/tenanttype.py b/myems-api/core/tenanttype.py index 761d566c..40ac9113 100644 --- a/myems-api/core/tenanttype.py +++ b/myems-api/core/tenanttype.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class TenantTypeCollection: diff --git a/myems-api/core/textmessage.py b/myems-api/core/textmessage.py index 6c8d9822..04d989fc 100644 --- a/myems-api/core/textmessage.py +++ b/myems-api/core/textmessage.py @@ -3,7 +3,7 @@ import json import mysql.connector import config from datetime import datetime, timedelta, timezone -from core.userlogger import user_logger +from core.useractivity import user_logger class TextMessageCollection: diff --git a/myems-api/core/timezone.py b/myems-api/core/timezone.py index 1dbb5356..2d1c156b 100644 --- a/myems-api/core/timezone.py +++ b/myems-api/core/timezone.py @@ -2,7 +2,7 @@ import falcon import simplejson as json import mysql.connector import config -from core.userlogger import user_logger +from core.useractivity import user_logger class TimezoneCollection: diff --git a/myems-api/core/user.py b/myems-api/core/user.py index 35b014fa..8c8fd9f5 100644 --- a/myems-api/core/user.py +++ b/myems-api/core/user.py @@ -7,7 +7,7 @@ import hashlib import re import os from datetime import datetime, timedelta, timezone -from core.userlogger import user_logger, write_log +from core.useractivity import user_logger, write_log, access_control class UserCollection: 
@@ -22,52 +22,9 @@ class UserCollection: @staticmethod def on_get(req, resp): - if 'USER-UUID' not in req.headers or \ - not isinstance(req.headers['USER-UUID'], str) or \ - len(str.strip(req.headers['USER-UUID'])) == 0: - raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', - description='API.INVALID_USER_UUID') - admin_user_uuid = str.strip(req.headers['USER-UUID']) - - if 'TOKEN' not in req.headers or \ - not isinstance(req.headers['TOKEN'], str) or \ - len(str.strip(req.headers['TOKEN'])) == 0: - raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', - description='API.INVALID_TOKEN') - admin_token = str.strip(req.headers['TOKEN']) - - # Check administrator privilege + access_control(req) cnx = mysql.connector.connect(**config.myems_user_db) cursor = cnx.cursor() - query = (" SELECT utc_expires " - " FROM tbl_sessions " - " WHERE user_uuid = %s AND token = %s") - cursor.execute(query, (admin_user_uuid, admin_token,)) - row = cursor.fetchone() - - if row is None: - cursor.close() - cnx.disconnect() - raise falcon.HTTPError(falcon.HTTP_404, title='API.NOT_FOUND', - description='API.ADMINISTRATOR_SESSION_NOT_FOUND') - else: - utc_expires = row[0] - if datetime.utcnow() > utc_expires: - cursor.close() - cnx.disconnect() - raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', - description='API.ADMINISTRATOR_SESSION_TIMEOUT') - - query = (" SELECT name " - " FROM tbl_users " - " WHERE uuid = %s AND is_admin = true ") - cursor.execute(query, (admin_user_uuid,)) - row = cursor.fetchone() - if row is None: - cursor.close() - cnx.disconnect() - raise falcon.HTTPError(falcon.HTTP_400, 'API.BAD_REQUEST', 'API.INVALID_PRIVILEGE') - query = (" SELECT u.id, u.name, u.display_name, u.uuid, " " u.email, u.is_admin, p.id, p.name, " " u.account_expiration_datetime_utc, u.password_expiration_datetime_utc " 
@@ -110,7 +67,7 @@ class UserCollection: @staticmethod def on_post(req, resp): """Handles POST requests""" - # todo: add access control + access_control(req) # todo: add user log try: raw_json = req.stream.read().decode('utf-8') @@ -246,7 +203,7 @@ class UserItem: @staticmethod def on_get(req, resp, id_): - # todo: add access control + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_USER_ID') @@ -291,6 +248,7 @@ class UserItem: @staticmethod @user_logger def on_delete(req, resp, id_): + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_USER_ID') @@ -320,6 +278,7 @@ class UserItem: @user_logger def on_put(req, resp, id_): """Handles PUT requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex: diff --git a/myems-api/core/userlogger.py b/myems-api/core/useractivity.py similarity index 66% rename from myems-api/core/userlogger.py rename to myems-api/core/useractivity.py index f40e5c4b..de04c4f3 100644 --- a/myems-api/core/userlogger.py +++ b/myems-api/core/useractivity.py 
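Review bot: `UserCollection.on_post` still carries `# todo: add user log` and is not decorated with `@user_logger`, unlike `UserItem.on_delete` and `UserItem.on_put` in the same file, so creating a user (including one with `is_admin` set, as the Postman body in this same patch does) leaves no activity record while editing or deleting one does. Adding the decorator in the same position as the other handlers, `@staticmethod` / `@user_logger` / `def on_post(req, resp):`, closes that gap and lets the todo be dropped; `user_logger`'s body is outside this hunk, so confirm it copes with a handler that has no `id_` argument. The remainder of `on_delete` is also outside the hunk; if it does not already refuse to delete the caller's own account, that guard is worth adding now that the handler is admin-only, since nothing in `access_control` ties the target `id_` to the caller.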
@@ -9,6 +9,58 @@ import simplejson as json import falcon +def access_control(req): + """ + Check administrator privilege in request headers to protect resources from invalid access + :param req: HTTP request + :return: HTTPError if invalid else None + """ + if 'USER-UUID' not in req.headers or \ + not isinstance(req.headers['USER-UUID'], str) or \ + len(str.strip(req.headers['USER-UUID'])) == 0: + raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', + description='API.INVALID_USER_UUID') + admin_user_uuid = str.strip(req.headers['USER-UUID']) + + if 'TOKEN' not in req.headers or \ + not isinstance(req.headers['TOKEN'], str) or \ + len(str.strip(req.headers['TOKEN'])) == 0: + raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', + description='API.INVALID_TOKEN') + admin_token = str.strip(req.headers['TOKEN']) + + # Check administrator privilege + cnx = mysql.connector.connect(**config.myems_user_db) + cursor = cnx.cursor() + query = (" SELECT utc_expires " + " FROM tbl_sessions " + " WHERE user_uuid = %s AND token = %s") + cursor.execute(query, (admin_user_uuid, admin_token,)) + row = cursor.fetchone() + + if row is None: + cursor.close() + cnx.disconnect() + raise falcon.HTTPError(falcon.HTTP_404, title='API.NOT_FOUND', + description='API.ADMINISTRATOR_SESSION_NOT_FOUND') + else: + utc_expires = row[0] + if datetime.utcnow() > utc_expires: + cursor.close() + cnx.disconnect() + raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', + description='API.ADMINISTRATOR_SESSION_TIMEOUT') + query = (" SELECT name " + " FROM tbl_users " + " WHERE uuid = %s AND is_admin = true ") + cursor.execute(query, (admin_user_uuid,)) + row = cursor.fetchone() + cursor.close() + cnx.disconnect() + if row is None: + raise falcon.HTTPError(falcon.HTTP_400, 'API.BAD_REQUEST', 'API.INVALID_PRIVILEGE') + + def write_log(user_uuid, request_method, resource_type, resource_id, request_body): """ :param user_uuid: user_uuid 
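Review bot: `access_control` checks session expiry against `tbl_sessions.utc_expires`, but the admin lookup `SELECT name FROM tbl_users WHERE uuid = %s AND is_admin = true` ignores the user's own expiry even though `tbl_users` has `account_expiration_datetime_utc` (it is selected by `UserCollection.on_get` elsewhere in this patch), so an admin whose account has lapsed keeps administrative access until the session row itself expires. Selecting that column instead of `name` and comparing it the same way as `utc_expires` closes the window; I am assuming the column is stored as naive UTC like `utc_expires` and may be NULL for never-expiring accounts, which needs confirming against the schema. The docstring line `:return: HTTPError if invalid else None` is also inaccurate because the function raises rather than returns; `:raises falcon.HTTPError: 400/404 when the headers, session or privilege are invalid` describes it. Finally, if `cursor.execute` raises, neither `cursor.close()` nor `cnx.disconnect()` runs, so a `try`/`finally` around the two queries would keep the connection from leaking on a database error.
```python
    query = (" SELECT account_expiration_datetime_utc "
             " FROM tbl_users "
             " WHERE uuid = %s AND is_admin = true ")
    cursor.execute(query, (admin_user_uuid,))
    row = cursor.fetchone()
    cursor.close()
    cnx.disconnect()
    if row is None:
        raise falcon.HTTPError(falcon.HTTP_400, 'API.BAD_REQUEST', 'API.INVALID_PRIVILEGE')
    # a lapsed admin account must not keep using a still-valid session row
    if row[0] is not None and datetime.utcnow() > row[0]:
        raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
                               description='API.INVALID_PRIVILEGE')
```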
@@ -43,6 +95,11 @@ def write_log(user_uuid, request_method, resource_type, resource_id, request_bod def user_logger(func): + """ + Decorator for logging user activities + :param func: the decorated function + :return: the decorator + """ @wraps(func) def logger(*args, **kwargs): qualified_name = func.__qualname__ diff --git a/myems-api/core/virtualmeter.py b/myems-api/core/virtualmeter.py index effe4d5b..e7bf2af3 100644 --- a/myems-api/core/virtualmeter.py +++ b/myems-api/core/virtualmeter.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.userlogger import user_logger +from core.useractivity import user_logger class VirtualMeterCollection: diff --git a/myems-api/core/webmessage.py b/myems-api/core/webmessage.py index de481c79..83b0aefe 100644 --- a/myems-api/core/webmessage.py +++ b/myems-api/core/webmessage.py @@ -3,7 +3,7 @@ import json import mysql.connector import config from datetime import datetime, timedelta, timezone -from core.userlogger import user_logger +from core.useractivity import user_logger class WebMessageCollection: diff --git a/myems-api/core/wechatmessage.py b/myems-api/core/wechatmessage.py index 953cfcf4..1aba6b05 100644 --- a/myems-api/core/wechatmessage.py +++ b/myems-api/core/wechatmessage.py @@ -3,7 +3,7 @@ import json import mysql.connector import config from datetime import datetime, timedelta, timezone -from core.userlogger import user_logger +from core.useractivity import user_logger class WechatMessageCollection(object): From 8f8bc8a9691226042a6a5879dc0034ba71923006 Mon Sep 17 00:00:00 2001 From: "13621160019@163.com" <13621160019@163.com> Date: Wed, 10 Nov 2021 18:12:30 +0800 Subject: [PATCH 2/2] added access control to actions of user in api --- myems-api/MyEMS.postman_collection.json | 62 +++++++++++++++++++++---- 1 file changed, 53 insertions(+), 9 deletions(-) 
diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json index 7f12cf99..e004b81f 100644 --- a/myems-api/MyEMS.postman_collection.json +++ b/myems-api/MyEMS.postman_collection.json @@ -6518,15 +6518,26 @@ "type": "noauth" }, "method": "GET", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text" + }, + { + "key": "Token", + "value": "b422ef869a947eb8dd058f5c9464b11769db7be3232b327fb8a4edac28118df876a5d7d3ab1d8175ef81169126d01fbe3b38baa6da62edf4cbf49b2bef0ed9a7", + "type": "text" + } + ], "url": { - "raw": "{{base_url}}/users/2", + "raw": "{{base_url}}/users/1", "host": [ "{{base_url}}" ], "path": [ "users", - "2" + "1" ] } }, @@ -6536,7 +6547,18 @@ "name": "POST Create New User", "request": { "method": "POST", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text" + }, + { + "key": "Token", + "value": "b422ef869a947eb8dd058f5c9464b11769db7be3232b327fb8a4edac28118df876a5d7d3ab1d8175ef81169126d01fbe3b38baa6da62edf4cbf49b2bef0ed9a7", + "type": "text" + } + ], "body": { "mode": "raw", "raw": "{\"data\":{\"name\":\"albert1\", \"display_name\":\"Mr. Albert\", \"email\":\"albert1@myems.io\", \"is_admin\":false, \"privilege_id\":1, \"password\":\"!MyEMS1\", \"account_expiration_datetime\":\"2100-01-01T00:00:00\",\"password_expiration_datetime\":\"2100-01-01T00:00:00\"}}" @@ -6579,7 +6601,18 @@ "name": "DELETE User", "request": { "method": "DELETE", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text" + }, + { + "key": "Token", + "value": "b422ef869a947eb8dd058f5c9464b11769db7be3232b327fb8a4edac28118df876a5d7d3ab1d8175ef81169126d01fbe3b38baa6da62edf4cbf49b2bef0ed9a7", + "type": "text" + } + ], "url": { "raw": "{{base_url}}/users/2", "host": [ 
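Review bot: The shared Postman collection now embeds a real admin `User-UUID` and a 128-hex-character `Token` as literal header values on the GET, POST and DELETE user requests, and the same token is pasted into further requests in the following hunks; once committed, this session credential sits in git history for anyone with repository access. Use collection variables the way `{{base_url}}` already is, e.g. `"value": "{{user_uuid}}"` and `"value": "{{token}}"`, and populate them from an environment file that is not committed. The session this token represents should also be invalidated (its `tbl_sessions` row removed, or the user logged out) rather than relying on history rewriting; whether it is still valid cannot be determined from the diff.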
@@ -6597,7 +6630,18 @@ "name": "PUT Update User Profile", "request": { "method": "PUT", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text" + }, + { + "key": "Token", + "value": "b422ef869a947eb8dd058f5c9464b11769db7be3232b327fb8a4edac28118df876a5d7d3ab1d8175ef81169126d01fbe3b38baa6da62edf4cbf49b2bef0ed9a7", + "type": "text" + } + ], "body": { "mode": "raw", "raw": "{\"data\":{\"name\":\"albert\", \"display_name\":\"Mr. Albert\", \"email\":\"albert@myems.io\", \"is_admin\":false, \"privilege_id\":1, \"password\":\"!MyEMS1\", \"account_expiration_datetime\":\"2100-01-01T00:00:00\",\"password_expiration_datetime\":\"2100-01-01T00:00:00\"}}" @@ -6637,7 +6681,7 @@ }, { "key": "Token", - "value": "18f212f9fe64adcf34f6e618eb9f72a0e8b4c411", + "value": "b422ef869a947eb8dd058f5c9464b11769db7be3232b327fb8a4edac28118df876a5d7d3ab1d8175ef81169126d01fbe3b38baa6da62edf4cbf49b2bef0ed9a7", "type": "text" } ], @@ -6670,7 +6714,7 @@ }, { "key": "Token", - "value": "b3a1b48ff5a9a3f67ec16848c5ddf9a42bf17045", + "value": "b422ef869a947eb8dd058f5c9464b11769db7be3232b327fb8a4edac28118df876a5d7d3ab1d8175ef81169126d01fbe3b38baa6da62edf4cbf49b2bef0ed9a7", "type": "text" } ], @@ -6703,7 +6747,7 @@ }, { "key": "Token", - "value": "b3a1b48ff5a9a3f67ec16848c5ddf9a42bf17045", + "value": "b422ef869a947eb8dd058f5c9464b11769db7be3232b327fb8a4edac28118df876a5d7d3ab1d8175ef81169126d01fbe3b38baa6da62edf4cbf49b2bef0ed9a7", "type": "text" } ],